Businesses, big and small, are regular targets of cybercriminals. While owners and managers exert effort to protect company data and customer information, breaches still occur ever so often. Experts say this is a result of data security threats that are often overlooked.
Let’s look at some of them and discuss solutions:
Ignored Software Patches and Updates
A good number of security breaches are a result of malware infecting company workstations and networks. While software companies routinely roll out patches and updates to fix vulnerabilities in the software that they sell to businesses, some end users ignore these security fixes, leaving their computers and networks vulnerable to attacks and data theft.
Solution: Set a schedule for the routine installation of patches and updates. Choose a time and day that least disrupts operations like the last day of the week, after everyone is gone from the office. Additionally, you can automate the installation of software updates and patches.
Use of Unauthorized Computers and Devices
This is a common occurrence. An employee decides to bring a home PC and connects it to the company network or takes a personal USB flash drive and uses it on a company workstation. These actions, while innocuous to the eyes of an unwitting employee, could inadvertently introduce malware to the system.
Solution: Make it a policy to ban the use of personal devices on company workstations and from the office networks. You can enforce this by educating employees on the threats this practice brings, and by doing routine audits of IP addresses.
Use of Legacy Systems and Applications
Some businesses, because of budget constraints, choose to stick with obsolete or outdated operating systems and applications instead of spending for upgrades or migrating to more secure ones. This makes financial and operational sense for some, but from a security perspective, this is not ideal as legacy systems and applications often have inherent vulnerabilities that are not possible to fix or patch due to technology limitation or discontinued support.
Solution: Software vendors typically offer affordable upgrade paths to existing and previous business clients. Take advantage of these offers. If the cost for moving to newer systems is still too prohibitive, consider free and open-source alternatives.
Misappropriation of Administrative Privileges
Sometimes, the IT department gives employees elevated user privileges to troubleshoot problems and forgets to reset it back. In other instances, an employee is simply issued user privileges on a system that is more than what his or her job description requires. Regardless of the scenario, a misappropriated admin privilege is a potential data breach.
Solution: Make use of centralized network admin tools to quickly manage user privileges. These tools are also useful for auditing and resetting user privileges on a regular basis.
Neglect of Physical Security
As companies focus on hardening their systems and assets from hacking and other cyber security threats, some end up neglecting the physical security of computer, data, and network equipment. The losses that result from a physical security breach is equally damaging.
Solution: Protect your data and equipment by limiting and monitoring access to your hardware to a select few using access control cards. Having an access control system in place would greatly reduce incidence of physical breaches.
In a competitive data-driven business environment, it is important for business owners and managers to be proactive in protecting company data and customer information and just like with people’s health, prevention is always better than the cure.
Need help in improving security for your business? Call or e-mail our ID security experts today.
For Further Reading: